DETAILED ACTION

Response to Arguments 

1. Applicant's arguments filed August 17, 2005 have been fully considered but they
are moot in view of the new grounds of the rejection.

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1, 2, 10, 11, 19, and 21-23 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Landfield et al, U.S. Patent 5,632,011 in view of Dutta et al, U.S. 
Patent 6,826,694. 

As per claims 1, 10, 19, and 21-23, it is disclosed by Landfield et al of a
communications security system and method to prevent transfer of selected 
communication transactions from a public (untrustworthy) network to a private 
(trustworthy) network comprising a firewall host (server), connected to the public 
(untrustworthy) network, that maintains a database of protection rules, each of which, 
when applied to a communication transaction, identifies that communication transaction 
to be a respective one of the selected communication transactions and a firewall 
(portal), connected between the public (untrustworthy) network and the private (trusted) 
network. The firewall (portal) selectively transfers the database of protection rules from
said firewall host (server) via said public (untrustworthy) network; receives a 
communication transaction from the public (untrustworthy) network for transfer to the 
private (trustworthy) network (col. 3, line 35-67 and as shown in Figure 1). The 
examiner is interpreting the firewall (portal) as software operating on the firewall host 
(server). The teachings of Landfield et al fail to disclose of applying each of the 
protection rules to the received communication transaction and prevents the transfer of 
the received communication transaction to the private network if a protection rule 
identifies the received communication transaction to be a respective one of the selected 
communication transactions. It is disclosed by Dutta et al of applying each of the 
protection rules to the received communication transaction and prevents the transfer of 
the received communication transaction to the private network if a protection rule 
identifies the received communication transaction to be a respective one of the selected 
communication transactions (col. 4, lines 58). It would have been obvious to a person 
of ordinary skill in the art at the time of the invention to have been motivated to apply 
prevention of communications if they match a protection rule. The teachings of Dutta et 
al recite motivation for the use of preventing communications if they match a protection 
rule by disclosing high resolution of packet filtering is provided that not only filters
header information, but additionally payload information (col. 1, lines 11-14 and col. 2, 
lines 7-9). It is obvious to a person of ordinary skill in the art that the teachings of 
Landfield et al could have been modified to allow the firewall to filter data to prevent 
communications if they match a protection rule as is disclosed by Dutta et al. 

As per claims 2 and 11, it is taught by Landfield et al that the transfer of the
database from the server to the portal is via a secure protocol (col. 4, lines 4-8). 

4. Claim 20 is rejected under 35 U.S.C. 103(a) as being unpatentable over Nessett 
et al, U.S. Patent 5,968,176 in view of Sheldon in further view of Antur et al, U.S. Patent 
6,243,815. 

It is recited by the teachings of Nessett et al of system for establishing a firewall 
system in a network that has security functions (col. 3, lines 20-22 and col. 5, lines 58- 
60). The teachings are embodied as a WAN that connects private (trustworthy) 
networks across the Internet (untrustworthy network)(col. 10, lines 28-31 and col. 15, 
lines 22-26). A network management station (server) includes a topology database that 
stores the security policy statements (protection rules)(col. 7, lines 13-21). The security 
policy statements (protection rules), when applied, identify the traffic (communications 
transactions) of a particular type of selected communication transaction and how the 
firewall (portal) should behave (col. 3, lines 29-34, col. 10, lines 1-9, & col. 17, lines 32- 
40). A firewall (portal) is connected between the Internet (untrustworthy network) and 
the private (trusted) network (col. 3, lines 20-27 & col. 10, lines 28-31). Updates to the 
security policy statements (protection rules) are selectively transferred from the network 
management station's (server) database to the firewalls (portals) across the Internet 
(untrustworthy network)(col. 9, lines 17-32 & col. 10, lines 28-31). The teachings of 
Nessett et al disclose of controlling network traffic (col. 3, lines 53-54) and that a 
security policy dictates the way the network devices should accept or deny traffic 
(communication transaction) according to the firewall (portal)(col. 17, lines 32-40), but
the teachings of Nessett et al are silent in disclosing that the transfer of selected 
communication transactions from an untrustworthy network is prevented. It is disclosed 
by Sheldon that a firewall enforces security policies by monitoring traffic from outside 
the network such as the Internet (untrustworthy network) addressed to the internal 
network (trustworthy network) and selectively preventing the transfer of traffic 
(communication transactions) by applying security policies (protection rules)(pg 3 & 7). 
It would have been obvious to a person of ordinary skill in the art to have been 
motivated to apply means to prevent the transfer of communication transactions from an 
untrusted network as a means of protecting a trusted network from a malicious attack. 
Sheldon recites motivation for the use of firewalls implementing security policies to 
prevent the transfer of communication transactions from untrustworthy network whereby 
it is taught that firewalls keep hackers out of your network by monitoring for attacks and 
when one is detected, action is taken to prevent it from happening (pg 4). Although the 
teachings of Nessett et al disclose of the use of a firewall that enforces a security policy, 
it is obvious that the teachings of Nessett et al utilize the firewall as a measure to 
prevent the transfer of communication transactions from untrusted networks to a trusted 
network as is notoriously well known in the art and as evidenced by the teachings of 
Sheldon. 

The teachings of Nessett et al disclose of updating policy information 
corresponding to the firewall components (col. 5, lines 50-57), however the teachings of 
both Nessett et al and Sheldon fail to disclose that the firewall (portal) requests the 
updates. It is disclosed by Antur et al of a firewall (portal) requesting updates (col. 9,
line 65 through col. 10, line 12). It is obvious to a person of ordinary skill in the art at the
time of the invention to have been motivated to use a portal that requests information so that
its configuration is up to date. Antur et al recites motivation for the update process by 
disclosing that if a firewall is up to date, it can lessen the effects of security threats by 
identifying new threat patterns based upon the requested updates (col. 10, lines 3-12). 
It is obvious that the combined teachings of Nessett et al and
Sheldon would have been able to detect new threat patterns by the firewall since the 
configurations were up to date based on the teachings of Antur et al. 



Allowable Subject Matter 

5. Claims 3-9 and 12-18 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Conclusion 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher A. Revak whose telephone number is 571- 
272-3794. The examiner can normally be reached on Monday-Friday, 6:30am-3:00pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Primary Examiner